Red hat linux

Firewalld Cheat Sheet

Prabath ThalangamaComment(0)

Notes and Tips

  • To list all services firewalld is aware in an easy to read format use command firewall-cmd --get-services | tr " " "\n"
  • Default firewalld service .xml files can be found under /usr/lib/firewalld/services
  • For all commands that support the --zone= option if no zone is provided it will use the default zone.
  • To make changes persistent add the --permanent option to your commands.
  • After changes are made you must run firewall-cmd --reload for changes to be loaded.
COMMAND DESCRIPTION
firewall-cmd --get-default-zone Show default zone
firewall-cmd --set-default-zone=zone Set the default zone
firewall-cmd --get-zones List all available zones.
firewall-cmd --get-active-zones List all active zones
firewall-cmd --get-services List all services firewalld is aware of
firewall-cmd --add-source=CIDR [--zone=zone] Route all traffic coming from the IP address or network/netmask to the specified zone.
firewall-cmd --remove-source=CIDR [--zone=zone] Remove the rule routing all traffic from the zone coming from the IP address or network/netmask network.
firewall-cmd --add-interface=interface [--zone=zone] Route all traffic coming from interface to the specified zone.
firewall-cmd --change-interface=interface [--zone=zone] Associate the interface with zone instead of its current zone.
firewall-cmd --list-all [--zone=zone] List all configured interfaces, sources, services, and ports for zone.
firewall-cmd --list-all-zones Retrieve all information for all zones (interfaces, sources, ports, services).
firewall-cmd --add-service=service [--zone=zone] Allow traffic to service.
firewall-cmd --add-port=port/protocol [--zone=zone] Allow traffic to the port/protocol port.
firewall-cmd --remove-service=service [--zone=zone] Remove service from allowed list for the zone.
firewall-cmd --remove-port=port/protocol [--zone=zone] Remove the port/protocol ports from the allowed list for the zone.
firewall-cmd --reload Drop the runtime configuration and apply the persistent configuration.
Prabath Thalangama
Web : sysadmin.lkEmail : inbox [at] sysadmin.lkLinkedin : https://www.linkedin.com/in/prabathtFacebook : https://www.facebook.com/prabath.hinoize

Related Articles
MySQL Red hat linux

How to gracefully reboot MariaDB Galera Cluster servers?

Prabath Thalangama

Cluster Configuration In this example configuration of two nodes, we assume that the servers are connected over private network. This allows direct connections without requiring SSH tunnels. The most important parts is to enable listening on IP protocol and to configure addresses and names of the cluster nodes. The config files are similar for each […]
Red hat linux

PHP 5.6 on CentOS/RHEL 7.4 and 6.9 via Yum

Prabath Thalangama

To install, first you must add the Webtatic EL yum repository information corresponding to your CentOS/RHEL version to yum: CentOS/RHEL 7.x: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm CentOS/RHEL 6.x: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm Remove old php version yum remove php* Now you can install PHP 5.6’s mod_php SAPI (along with an opcode cache) […]
Red hat linux

Sending SNMP Traps from Nagios

Prabath Thalangama

As well as receiving SNMP traps in Nagios, you can send SNMP traps from Nagios to a remote SNMP management station like HP OpenView (NNM) or the like. The easiest way to do this is to create a notification command that generates an SNMP trap. This way, you can use an SNMP management station as […]

Leave a Reply

Your email address will not be published. Required fields are marked *